CVE-2014-4341 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Mit	Kerberos 5
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Tus Enterprise Linux Workstation

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
krb5-0:1.6.1-78.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2014:1245	2014-09-16T00:00:00Z
Red Hat Enterprise Linux 6
krb5-0:1.10.3-33.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1389	2014-10-13T00:00:00Z
Red Hat Enterprise Linux 7
krb5-0:1.12.2-14.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0439	2015-03-05T00:00:00Z

Link	Providers
http://advisories.mageia.org/MGASA-2014-0345.html
http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://secunia.com/advisories/59102
http://secunia.com/advisories/60082
http://secunia.com/advisories/60448
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.debian.org/security/2014/dsa-3000
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
http://www.securityfocus.com/bid/68909
http://www.securitytracker.com/id/1030706
https://exchange.xforce.ibmcloud.com/vulnerabilities/94904
https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
https://nvd.nist.gov/vuln/detail/CVE-2014-4341
https://www.cve.org/CVERecord?id=CVE-2014-4341

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"}, {"name": "mit-kerberos-cve20144341-dos(94904)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"}, {"name": "RHSA-2015:0439", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "60448", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60448"}, {"name": "FEDORA-2014-8189", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}, {"name": "68909", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68909"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"}, {"name": "DSA-3000", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3000"}, {"name": "MDVSA-2014:165", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"}, {"name": "GLSA-201412-53", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"}, {"name": "1030706", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030706"}, {"name": "60082", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60082"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0345.html"}, {"name": "59102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59102"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"}, {"name": "mit-kerberos-cve20144341-dos(94904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"}, {"name": "RHSA-2015:0439", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "60448", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60448"}, {"name": "FEDORA-2014-8189", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}, {"name": "68909", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68909"}, {"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949", "refsource": "CONFIRM", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"}, {"name": "DSA-3000", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3000"}, {"name": "MDVSA-2014:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"}, {"name": "GLSA-201412-53", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"}, {"name": "1030706", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030706"}, {"name": "60082", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60082"}, {"name": "http://advisories.mageia.org/MGASA-2014-0345.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0345.html"}, {"name": "59102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59102"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:12:35.155Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"}, {"name": "mit-kerberos-cve20144341-dos(94904)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"}, {"name": "RHSA-2015:0439", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "60448", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60448"}, {"name": "FEDORA-2014-8189", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}, {"name": "68909", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68909"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"}, {"name": "DSA-3000", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3000"}, {"name": "MDVSA-2014:165", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"}, {"name": "GLSA-201412-53", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"}, {"name": "1030706", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030706"}, {"name": "60082", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60082"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0345.html"}, {"name": "59102", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59102"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4341", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2014-06-20T00:00:00", "dateUpdated": "2024-08-06T11:12:35.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-06-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

}

1 : { »

name : mit-kerberos-cve20144341-dos(94904) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

}

3 : { »

name : RHSA-2015:0439 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0439.html (string)

}

4 : { »

name : 60448 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60448 (string)

}

5 : { »

name : FEDORA-2014-8189 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html (string)

}

6 : { »

name : 68909 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/68909 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

}

8 : { »

name : DSA-3000 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-3000 (string)

}

9 : { »

name : MDVSA-2014:165 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 (string)

}

10 : { »

name : GLSA-201412-53 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://security.gentoo.org/glsa/glsa-201412-53.xml (string)

}

11 : { »

name : 1030706 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1030706 (string)

}

12 : { »

name : 60082 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60082 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://advisories.mageia.org/MGASA-2014-0345.html (string)

}

14 : { »

name : 59102 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59102 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-4341 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

refsource : CONFIRM (string)

url : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

}

1 : { »

name : mit-kerberos-cve20144341-dos(94904) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 (string)

}

2 : { »

name : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

refsource : CONFIRM (string)

url : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

}

3 : { »

name : RHSA-2015:0439 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0439.html (string)

}

4 : { »

name : 60448 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60448 (string)

}

5 : { »

name : FEDORA-2014-8189 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html (string)

}

6 : { »

name : 68909 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/68909 (string)

}

7 : { »

name : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

refsource : CONFIRM (string)

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

}

8 : { »

name : DSA-3000 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-3000 (string)

}

9 : { »

name : MDVSA-2014:165 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 (string)

}

10 : { »

name : GLSA-201412-53 (string)

refsource : GENTOO (string)

url : http://security.gentoo.org/glsa/glsa-201412-53.xml (string)

}

11 : { »

name : 1030706 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1030706 (string)

}

12 : { »

name : 60082 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60082 (string)

}

13 : { »

name : http://advisories.mageia.org/MGASA-2014-0345.html (string)

refsource : CONFIRM (string)

url : http://advisories.mageia.org/MGASA-2014-0345.html (string)

}

14 : { »

name : 59102 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59102 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:12:35.155Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

}

1 : { »

name : mit-kerberos-cve20144341-dos(94904) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

}

3 : { »

name : RHSA-2015:0439 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0439.html (string)

}

4 : { »

name : 60448 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60448 (string)

}

5 : { »

name : FEDORA-2014-8189 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html (string)

}

6 : { »

name : 68909 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/68909 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

}

8 : { »

name : DSA-3000 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-3000 (string)

}

9 : { »

name : MDVSA-2014:165 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 (string)

}

10 : { »

name : GLSA-201412-53 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://security.gentoo.org/glsa/glsa-201412-53.xml (string)

}

11 : { »

name : 1030706 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1030706 (string)

}

12 : { »

name : 60082 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60082 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://advisories.mageia.org/MGASA-2014-0345.html (string)

}

14 : { »

name : 59102 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59102 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-4341 (string)

datePublished : 2014-07-20T10:00:00 (string)

dateReserved : 2014-06-20T00:00:00 (string)

dateUpdated : 2024-08-06T11:12:35.155Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5877EC2-4E69-45F0-ADDF-48D3F7D49646", "versionEndExcluding": "1.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "78FD06FA-44C9-46FE-8014-C381848ADCFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1995855A-1883-412D-B629-5436E881FF08", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC88059E-CCFD-4AFD-9982-41DF225FB840", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session."}, {"lang": "es", "value": "MIT Kerberos 5 (tambi\u00e9n conocido como krb5) anterior a 1.12.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (sobrelectura de buffer y ca\u00edda de aplicaci\u00f3n) mediante la inyecci\u00f3n de tokens inv\u00e1lido en una sesi\u00f3n de la aplicaci\u00f3n GSSAPI."}], "id": "CVE-2014-4341", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-20T11:12:50.823", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0345.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59102"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60082"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60448"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3000"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68909"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030706"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0345.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:165"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D5877EC2-4E69-45F0-ADDF-48D3F7D49646 (string)

versionEndExcluding : 1.12.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 33C068A4-3780-4EAB-A937-6082DF847564 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 807C024A-F8E8-4B48-A349-4C68CD252CA1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F96E3779-F56A-45FF-BB3D-4980527D721E (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 0CF73560-2F5B-4723-A8A1-9AADBB3ADA00 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 5BF3C7A5-9117-42C7-BEA1-4AA378A582EF (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 83737173-E12E-4641-BC49-0BD84A6B29D0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 51EF4996-72F4-4FA4-814F-F5991E7A8318 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 98381E61-F082-4302-B51F-5648884F998B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D99A687E-EAE6-417E-A88E-D0082BC194CD (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : B353CE99-D57C-465B-AAB0-73EF581127D1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 7431ABC1-9252-419E-8CC1-311B41360078 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A8442C20-41F9-47FD-9A12-E724D3A31FD7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : BF77CDCF-B9C9-427D-B2BF-36650FB2148C (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 21690BAC-2129-4A33-9B48-1F3BF30072A9 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_tus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 78FD06FA-44C9-46FE-8014-C381848ADCFF (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_tus:7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 1995855A-1883-412D-B629-5436E881FF08 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:* (string)

matchCriteriaId : FC88059E-CCFD-4AFD-9982-41DF225FB840 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 825ECE2D-E232-46E0-A047-074B34DB1E97 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* (string)

matchCriteriaId : FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. (string)

}

1 : { »

lang : es (string)

value : MIT Kerberos 5 (también conocido como krb5) anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) mediante la inyección de tokens inválido en una sesión de la aplicación GSSAPI. (string)

}

]

id : CVE-2014-4341 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-07-20T11:12:50.823 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0345.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0439.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59102 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60082 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60448 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201412-53.xml (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-3000 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/68909 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1030706 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0345.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0439.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59102 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60082 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60448 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201412-53.xml (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-3000 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/68909 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1030706 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/94904 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-125 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2014:1245", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-78.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-09-16T00:00:00Z"}, {"advisory": "RHSA-2014:1389", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "krb5-0:1.10.3-33.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2015:0439", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "krb5-0:1.12.2-14.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "krb5: denial of service flaws when handling padding length longer than the plaintext", "id": "1116180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116180"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-130->CWE-125", "details": ["MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."], "name": "CVE-2014-4341", "public_date": "2014-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4341\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4341"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2014:1245 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : krb5-0:1.6.1-78.el5 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2014-09-16T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1389 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : krb5-0:1.10.3-33.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:0439 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : krb5-0:1.12.2-14.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-03-05T00:00:00Z (string)

}

]

bugzilla : { »

description : krb5: denial of service flaws when handling padding length longer than the plaintext (string)

id : 1116180 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1116180 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

status : verified (string)

}

cwe : CWE-130->CWE-125 (string)

details : [ »

0 : MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. (string)

1 : A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (string)

]

name : CVE-2014-4341 (string)

public_date : 2014-06-26T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-4341 https://nvd.nist.gov/vuln/detail/CVE-2014-4341 (string)

]

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object